Month after month, the Security Headlines section of this newsletter features the latest network attack that results in names, email addresses, passwords and more being compromised. More often than not, that information ends up online for sale to the highest bidder. Sadly, studies have shown that despite all the media attention and news coverage, the strength of the average password has not increased significantly.
The illustration below highlights the problem with using one weak password. When a hacker gains access to a computer network and steals a record that contains a user name and password combination, that hacker can then try that same combination on several other websites. So if you use the same user name and password combination for all your websites and it gets compromised, a hacker can do some serious damage to your business, your bank accounts, credit report and identity as a whole.
So first of all, you need to create a strong and complex password. Next, you need to create a different strong and complex password for each and every website you visit or app that you use. Then, you need to remember all these new, strong passwords. That might be the tricky part. Luckily, eNet Systems has your solution — a password manager. These days, an effective password manager just might be the most important piece of software on your system.
All this discussion of weak passwords and the security breaches of global corporations (and maybe even government entities) should lead us to examine the safety and security of our own computer networks. The truth is that small and medium-sized businesses are just as much of a target for international hackers as global corporations. So has the security of your network ever been tested? Could your network block an outside intruder? eNet Systems can help you find out. Learn more about the Network Security Services eNet Systems can provide your business.
Earlier this month, Advocate Health System, the largest health system in Illinois, was fined $5.5 million by the Office of Civil Rights for three breaches that occurred in 2013. This is the largest fine for one organization to date by the OCR. The lessons that healthcare practices can learn from the OCR resolution — as outlined on Healthicity — are as follows:
* Perform a thorough risk assessment
* Implement a plan to fix the findings in your risk assessment
* Be sure to assess the actual physical security of your IT assets
* Have a Business Associates Agreement in place with all your Business Associates who handle your ePHI
* Include an encryption report
Those guidelines are nearly identical to the ones we have had listed on our own Healthcare page for months — see if you agree.
Google's Duo Helps Connect iOS and Android Users on Video Calling
In an attempt to corner the market of one-on-one video calling, Google has released Duo, an app that allows users to make video calls between iOS and Android devices. Apple's FaceTime cannot do this. Currently, Facebook Messenger can do this and WhatsApp is rumored to be experimenting. With Duo, Google is attempting to claim ownership of this market while it can.
Samsung Galaxy Note 7
This new 5.7-inch model is certainly a big-screen phone that comes with some big storage space as well — 64 GB standard compared with a competitor's 32 GB. According to a CNET review, the battery life is much improved and gets a 10-point rating — plus you can charge it wirelessly. The bottom line is that while the Note is a powerful and beautiful phone with wraparound glass and a curved screen, it is also just about the most expensive phone you can buy today.
Apple Releases iOS 9.3.5 as Important Security Update
Apple provided this important update just 10 days after being informed that an Israeli company called the NSO Group had developed spyware called Pegasus that exploited three security flaws in iOS. "Pegasus is professionally developed and highly advanced in its use of zero-day vulnerabilities...," says security firm Lookout. "It steals the victim’s contact list and GPS location, as well as personal, Wi-Fi and router passwords stored on the device." What's more troubling is that all this can happen silently without the user ever knowing. So update today.
Was the NSA Just Hacked?
It has been reported that a group called the Shadow Brokers has released what appears to be top-secret computer code used by the National Security Agency (NSA) to infiltrate the networks of foreign governments. So does this mean the NSA was actually hacked, and if so, by whom? Experts who have examined the posts say it does resemble code that was developed in a highly classified unit of the NSA. The code appears to be more current than some of the files exposed by former NSA contractor Edward Snowden, who has expressed his opinion that the hack was backed by Russian intelligence.
Was Yahoo Affected by the Mega Breach?
According to BBC.com, "Yahoo is investigating claims the hacker linked to 'mega-breaches' at MySpace and LinkedIn has posted details of 200 million Yahoo accounts to a marketplace on the dark web. One hacker recently sought almost $100,000 (£75,000) for 655,000 records taken from three US healthcare suppliers. By contrast, the alleged Yahoo data dump, much of which seems to be old or disused credentials, commands a price of less than $2,000." Whether or not current Yahoo credentials were affected, the takeaway message is clear. Create a strong, complex password and use a different one for every website you visit. (See feature story for tips on selecting a password manager.)
Set up Two Factor Authentication on LinkedIn
Two-factor authentication is an important extra layer of security used by some websites. It requires not only a username and password but also something that only the user would have access to, such as a code texted to a mobile phone.
* From your LinkedIn home page, hover over your thumbnail photo in the upper-right corner, and a menu called Account & Settings should pop up. Then, click on the Privacy & Settings option.
* At your account page, click on the Privacy category at the top. Scroll down to the Security section and click on the option for Two-step verification.
* Add your phone number if requested. Enter your password. Then type the verification code you receive on your mobile phone and click on Verify.
* Go back to the Privacy section and again scroll down to the Security section and click on the option for Two-step verification. Click on the link to Turn on. Again, enter your LinkedIn password. And again, enter the verification code sent to your mobile phone and click on Verify.
* Each time you sign in to your LinkedIn account, the site will send a verification code to your phone. Simply enter that code at the Two-Step Verification page to log in.